What Port 141 Does
Port 141 is assigned by IANA to emfis-cntl, the EMFIS Control Service, for both TCP and UDP.1 Its companion, port 140, carries emfis-data, the EMFIS Data Service. Together they form a pair: one for data, one for control.
In practice, you will almost certainly never see legitimate traffic on port 141. The service it was reserved for has been defunct for decades. If something is listening on port 141 on your network today, it is not EMFIS.
The Story Behind EMFIS
EMFIS stands for Experimentelles Führungsinformationssystem, which translates to "Experimental Command Information System."2 It was a military management information system developed at FGAN (Forschungsgesellschaft für Angewandte Naturwissenschaften), a German defense research institute based in Wachtberg, near Bonn.
The system ran on a Siemens mainframe under the BS2000 operating system. At some point, an interface to TCP/IP networking was implemented, allowing access via ASCII line terminals. This was the era when ARPANET's protocols were spreading beyond American universities and into NATO-aligned research institutions. EMFIS needed two ports: one for its data channel, one for its control channel. Gerd Beling, a researcher at FGAN's Institute for Radio and Mathematics (FFM), registered both with IANA.3
Beling went on to publish work on network header reduction protocols for heterogeneous military subnetworks4, the kind of unglamorous but critical work that keeps data moving across networks that were never designed to talk to each other.
FGAN itself was eventually absorbed into the Fraunhofer Society, Germany's largest applied research organization. The EMFIS system is long gone. The port assignments remain.
The Well-Known Port Range
Port 141 sits in the well-known port range (0 through 1023). These ports are assigned by IANA and, on most operating systems, require root or system-level privileges to bind to.5 The well-known range was designed to be a reliable namespace: if you connect to port 80, you expect HTTP. If you connect to port 22, you expect SSH.
Port 141 is one of many well-known ports where the assignment exists on paper but the service no longer exists in practice. The port registry is a historical record as much as it is a technical one.
Security Considerations
Port 141 has been flagged by some security databases as having been used by malware for command-and-control communication.6 This is a common pattern with obscure, unused ports: because no legitimate service is expected on port 141, any traffic on it is either a misconfiguration or something worth investigating.
If you see port 141 open on a system:
- It is not EMFIS. The original service has been defunct for decades.
- Investigate immediately. Unexpected listeners on obscure well-known ports are a red flag.
- Check what process owns it. On Linux:
sudo lsof -i :141orsudo ss -tlnp | grep :141. On macOS:sudo lsof -i :141. On Windows:netstat -ano | findstr :141.
How to Check What Is Listening on Port 141
If any of these return a result, find the process ID and determine what software is binding to this port. On a properly configured system, nothing should be.
Related Ports
| Port | Service | Description |
|---|---|---|
| 140 | emfis-data | EMFIS Data Service (the data channel paired with 141's control channel) |
| 139 | netbios-ssn | NetBIOS Session Service |
| 142 | bl-idm | Britton-Lee IDM |
| 143 | imap | Internet Message Access Protocol |
Frequently Asked Questions
Was this page helpful?